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DETAILED ACTION 
Claim Objections 

Claims 2 and 10 are objected to because of the following informalities in lines 7 
and 6, respectively: The word "commination" which it apparently is a misspelled 
representation of the word communication. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 4 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Regarding claim 4, this claim in line 3 recites "reception section receives an 
encapsulated illegal access data by the illegal access data detection device from the 
illegal access data detection device" which is unclear statement. Appropriate correction 
is required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
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by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 

Claims 1-3 and 9-11 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Rothermel et al (6,678,827 B1; hereinafter Rothermel). 

Claim 1 

Rothermel discloses: 

An illegal access data handling apparatus, being placed outside a given internal 
communication network (see col. 1, lines 22-36, where unauthorized external access 
corresponds to the recited illegal access data; col. 6, lines 7-20, where the Network 
Security Device Management and the supervisor devices are functionally equivalent to 
the recited illegal access data handling apparatus; col. 14, lines 50-59), for receiving 
illegal access data transmitted from a data communication device placed outside the 
internal communication network for a purpose of illegally accessing the internal 
communication network (see col. 6, lines 7-20; col. 9, lines 14-27, where a NSD 
transmits security information about an of event of interest corresponding to the recited 
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illegal access data to a supervisor device), and for taking countermeasures against the 
illegal access data received (see col. 15, lines 30-57). 

Claim 2 

Rothermel discloses: 

The illegal access data handling apparatus of claim 1 , wherein the illegal access 
data handling apparatus is connected to an illegal access data detection device for 
relaying a data communication between a data communication device placed within the 
internal communication network and a data communication device placed outside the 
internal communication network (see col. 4, lines 30-48; col. 6, lines 7-20, where the 
Network Security Device Management and the supervisor devices are functionally 
equivalent to the recited illegal access data handling apparatus and the Network 
Security Device that is placed between external devices and the internal devices 
corresponds to the recited illegal access data detection device), and for detecting the 
illegal access data, and wherein the illegal access data handling apparatus receives the 
illegal access data from the illegal access data detection device (see col. 15, lines 3-15; 
col. 16, lines 7-55, where the NSD detects unauthorized packets and transmits 
information related to this event to a supervisor device). 

Claim 3 

Rothermel discloses: 

The illegal access data handling apparatus of claim 2, comprising: 
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a data reception section for receiving the illegal access data from the illegal 
access data detection device (see col. 16, lines15-20); 

a data analysis section for analyzing the illegal access data received by the data 
reception section (see col. 3, lines 45-57; col. 4, lines 43-48); 

a response data generation section for generating response data to the illegal 
access data based upon an analysis result from the data analysis section (see col. 4, 
line 49-col. 5, line 13, where the templates corresponds to the recited response data); 
and 

a data transmission section for transmitting the response data generated by the 
response data generation section to the illegal access data detection device (see col. 4, 
lines 65-col. 5, line 3). 

Claim 9 

Rothermel discloses: 

A method for handling illegal access data outside a given internal communication 
network, the method comprising (see Fig. 1): 

receiving illegal access data transmitted from a data communication device 
placed outside the internal communication network for a purpose of illegally accessing 
the internal communication network (see col. 6, lines 7-20; col. 9, lines 14-27, where a 
NSD transmits security information about an of event of interest corresponding to the 
recited illegal access data to a supervisor device); and 
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taking countermeasures against the illegal access data received (see col. 15, 
lines 30-57). 

Claim 10 

Rothermel discloses: 

The method of claim 9, comprising: 

communicating with an illegal access data detection device for relaying a data 
communication between a data communication device placed within the internal 
communication network and a data communication device placed outside the internal 
communication network, and for detecting the illegal access data (see col. 4, lines 30- 
48; col. 6, lines 7-20, where the Network Security Device Management and the 
supervisor devices are functionally equivalent to the recited illegal access data handling 
apparatus and the Network Security Device that is placed between external devices and 
the internal devices corresponds to the recited illegal access data detection device); and 

receiving the illegal access data from the illegal access data detection device 
(see col. 15, lines 3-15; col. 16, lines 7-55, where the NSD detects unauthorized 
packets and transmits information related to this event to a supervisor device). 

Claim 11 

Rothermel discloses: 

The method of claim 10, comprising: 
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receiving the illegal access data from the illegal access data detection device 
(see col. 16, lines15-20); 

analyzing the illegal access data received by the receiving (see col. 3, lines 45- 
57; col. 4, lines 43-48); 

generating response data to the illegal access data based upon an analysis 
result from the analyzing (see col. 4, line 49-col. 5, line 13, where the templates 
corresponds to the recited response data); and 

transmitting the response data generated by the generating to the illegal access 
data detection device (see col. 4, lines 65-col. 5, line 3). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
. forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 4, 7 are 8 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rothermel et al (6,678,827 B1 ; hereinafter Rothermel) in view of Reshef et al 
(6,321 ,337 B1 ; hereinafter Reshef). 



Claim 4 

Rothermel discloses: 
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The illegal access data handling apparatus of claim 3, wherein the data reception 
section receives an illegal access data from the illegal access data detection device 
(see col. 5, lines 55-61; col. 16, lines 15-20), and wherein the data transmission section 
transmits the response data to the illegal access data detection device (see col. 5, lines 
55-61; col. 16, lines 15-20; col. 17, lines 23-43) 

Rothermel does not expressly discloses that the illegal access data handling 
apparatus includes a capsulation section for decapsulating the encapsulated illegal 
access data received by the data reception section to extract the illegal access data, 
and encapsulates the response data. 

Reshef, however, discloses a system for protecting an internal network from 
attacks originated from entities located in an external network (see col. 3, lines 45-67). 
Reshef further discloses a capsulation mechanism deployed in security components of 
a gateway to encapsulate and decapsulate the data transmitted between them. 

Therefore, it would be obvious to a person of ordinary skill in the art at the time 
the invention was made to implement a capsulation mechanism as taught in Reshef in 
the system of Rothermel, because it would reinforce the communication between a NSD 
(a detecting device) and a supervisor device (a security managing device) against 
exploitation and against bugs affecting the operation (see Reshef, col. 2, lines 15-30). 



Claim 7 

Rothermel discloses: 
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The illegal access data handling apparatus of claim 4, wherein the data reception 
section receives the illegal access data having authentication information attached to be 
used for data authentication from the illegal access data detection device, and wherein 
the capsulation section performs the data authentication for the illegal access data by 
using the authentication information (see col. 6, lines 1-6; col. 11, lines 34-45). 

Claim 8 

Rothermel discloses: 

The illegal access data handling apparatus of claim 7, wherein the capsulation 
section attaches the authentication information to be used for the data authentication for 
the response data to the response data, and wherein the data transmission section 
transmits the response data having the authentication information attached by the 
capsulation section to the illegal access data detection device (see col. 5, line 52-col. 6, 
line 6; col. 1 1 , lines 34-45, where the communication between the NSDs and supervisor 
devices are encrypted and authenticated for the purpose of security and thus, the 
information transmitted between these devices must have required data to perform 
authentication process). 

Claims 5 are 12 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rothermel et al (6,678,827 B1; hereinafter Rothermel) in view of Moran 
(6,826,697 B1; hereinafter Moran). 
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Regarding claims 5 and 12, Rothermel does not discloses a decoy scheme to 
respond to an illegal access attempt by an unauthorized user (e.g. a hacker) with a 
response to have similar content as a true response. Moran teaches the use of a 
deception server containing false data to be used by suspected users (col. 2, lines 1-5). 
Therefore, it would be obvious to a person of ordinary skill in the art at the time the 
invention was made to implement a decoy computer system as taught in Moran in the 
system of Rothermel, in order to defeat the attackers attempting to access a computer 
system (see Moran, col. 1, lines 57-62). 

Allowable Subject Matter 

Claim 6 is objected to as being dependent upon a rejected base claim, but would 
be allowable if rewritten in independent form including all of the limitations of the base 
claim and any intervening claims. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

US Patent No. 5,414,833 to Hershey et al. 

US Patent No. 2003/0051026 A1 to Carter et al. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Abdulhakim Nobahar whose telephone number is 571- 
272-3808. The examiner can normally be reached on M-T 8-6. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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